# Androidマルウェア解析メモ
## はじめに

ここでは、偶然入手したAndroidアプリがユーザの意図しないタイミングで送信を行っていることが分かり、簡単に解析したので、メモレベルですが共有します。
## ダイレクトメール
私の元にこのようなメールが届きました。私も携帯の電池切れには悩んでいるので、このような便利なアプリがあればぜひ使いたいと考え、調査しようと思いました。
| # -*- coding: utf-8 -*- | |
| print "test" |
| syntax: glob | |
| .htaccess | |
| wp-*.php | |
| xmlrpc.php | |
| wp-admin/ | |
| wp-includes/ | |
| wp-content/uploads/ | |
| wp-content/blogs.dir/ | |
| wp-content/upgrade/* | |
| wp-content/backup-db/* |
| .classpath | |
| .project | |
| syntax: glob | |
| *.class | |
| *.apk | |
| *.dex | |
| *.ap_ | |
| *.suo | |
| .metadata\* |
| warning: no files found matching '*.txt' under directory 'src/lxml/tests' | |
| src/lxml/lxml.etree.c: In function '__pyx_f_4lxml_5etree__getFilenameForFile': | |
| src/lxml/lxml.etree.c:26088:7: warning: variable '__pyx_clineno' set but not used [-Wunused-but-set-variable] | |
| src/lxml/lxml.etree.c:26087:15: warning: variable '__pyx_filename' set but not used [-Wunused-but-set-variable] | |
| src/lxml/lxml.etree.c:26086:7: warning: variable '__pyx_lineno' set but not used [-Wunused-but-set-variable] | |
| src/lxml/lxml.etree.c: In function '__pyx_pf_4lxml_5etree_4XSLT_18__call__': | |
| src/lxml/lxml.etree.c:132276:81: warning: passing argument 1 of '__pyx_f_4lxml_5etree_12_XSLTContext__copy' from incompatible pointer type [enabled by default] | |
| src/lxml/lxml.etree.c:130237:52: note: expected 'struct __pyx_obj_4lxml_5etree__XSLTContext *' but argument is of type 'struct __pyx_obj_4lxml_5etree__BaseContext *' | |
| src/lxml/lxml.etree.c: In function '__pyx_f_4lxml_5etree__copyXSLT': | |
| src/lxml/lxml.etree.c:133665:79: warning: passing argument 1 of '__p |
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <title>test</title> | |
| <meta charset="utf-8"> | |
| <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.1/jquery.min.js"></script> | |
| <script> | |
| $(function(){ | |
| var url = "http://localhost/"; | |
| $.getJSON(url,null,function(data){ |
| def search(self, text) : | |
| api = tweepy.API() | |
| results = api.search(urllib.quote_plus(text.encode('utf-8')), include_entities=True, lang=self.config[0]['lang']) | |
| for result in results : | |
| if result.entities.has_key('media') : | |
| medias = result.entities['media'] | |
| text = '@' + result.from_user + "\n" + result.text | |
| for m in medias : | |
| media_url = m['media_url'] | |
| print media_url |
| <?php | |
| /** | |
| * The base configurations of the WordPress. | |
| * | |
| * This file has the following configurations: MySQL settings, Table Prefix, | |
| * Secret Keys, WordPress Language, and ABSPATH. You can find more information | |
| * by visiting {@link http://codex.wordpress.org/Editing_wp-config.php Editing | |
| * wp-config.php} Codex page. You can get the MySQL settings from your web host. | |
| * | |
| * This file is used by the wp-config.php creation script during the |
| <IfModule dir_module> | |
| DirectoryIndex index.php | |
| </IfModule> |
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <meta charset="utf-8"> | |
| <title>お問い合わせフォーム</title> | |
| </head> | |
| <body> | |
| <h1>お問い合わせフォーム</h1> | |
| <div style="background-color:pink"> | |
| このフォームにはXSSがひとつあります。発生個所と対策(ソースのここを直す)を指摘してください。 |